Organisations join forces for smartcard certification

EMVCo, GlobalPlatform and the GSM Association (GSMA) have announced plans to develop a common, cross-industry certification model for secure elements with post-issuance capabilities. The aim is to simplify and speed up testing processes for pre-certified applications and certified UICC platforms, when they are redeployed.

The EMV standards body EMVCo, the international smart card infrastructure body GlobalPlatform, and global telecoms association the GSMA, have agreed to work together to define functional and security requirements for a common certification process. The resulting document will enable Mobile Network Operators (MNOs) and the payments industry to develop cross-industry certification schemes, for mobile platforms and payments applications respectively.

When fully developed and operational, these schemes will work together to ensure that any certified payment application will work with any certified UICC platform, reducing the incidence of certification failures when new application / platform combinations are subsequently added for testing.

The result will be significantly reduced testing and development costs and a faster time to market. Additionally, no further certifications will be necessary when loading applications with less stringent security requirements onto new UICC platforms.

The activity has been welcomed by the Association of French Mobile Operators (AFOM), the European Payments Council, the European Telecommunications Standards Institute (ETSI) and SIMalliance.

GlobalPlatform has been chosen to lead the initiative due to its cross-industry technical expertise. Gil Bernabeu, GlobalPlatform’s technical director, explained: “With an increasing number of parties delivering smart card solutions combining multiple applications from different sectors, the certification model will streamline testing requirements across the advancing smart card ecosystem. We believe that the creation of the model will increase overall market confidence. Although industry bodies such as MNOs and payment organizations will remain responsible for certifying technology compliance, GlobalPlatform hopes that adherence to the model and relevant security configurations will become commonplace.”

Brian Byrne, chair of the EMVCo board of managers, commented: “A common type approval approach for contactless mobile payment UICCs will avoid redundancy and conflicting efforts between different parties with approval authorities and interests. We see this as a natural extension of EMVCo’s commitment to provide a globally interoperable acceptance environment for secure payments. Our participation is aimed at ensuring the resulting type approval process is not only cost-effective and efficient, but that it is secure and flexible enough to meet the requirements of the payment and telecommunications industries.”

“Developing a UICC certification model for NFC services, that is cost effective and results in a short time to market will be critical for the commercial rollout of mobile NFC services worldwide”, adds Alex Sinclair, chief technology officer, GSMA.